From 42e434b5a7188485df84803e90d3829a01968cf2 Mon Sep 17 00:00:00 2001
From: Jesse Coretta <74126726+JesseCoretta@users.noreply.github.com>
Date: Wed, 25 Sep 2024 03:20:35 -0700
Subject: [PATCH] [#400] Reduce character escaping in example, add note  (#413)

Co-authored-by: Jesse Coretta <{ID}+{username}@users.noreply.github.com>
---
 .../admin-guide/chap-privileges-acis.xml      | 32 +++++++++++--------
 1 file changed, 19 insertions(+), 13 deletions(-)

diff --git a/opendj-doc-generated-ref/src/main/docbkx/admin-guide/chap-privileges-acis.xml b/opendj-doc-generated-ref/src/main/docbkx/admin-guide/chap-privileges-acis.xml
index d483961d89..2ae66f1423 100644
--- a/opendj-doc-generated-ref/src/main/docbkx/admin-guide/chap-privileges-acis.xml
+++ b/opendj-doc-generated-ref/src/main/docbkx/admin-guide/chap-privileges-acis.xml
@@ -1201,19 +1201,25 @@ The LDAP password modify operation was successful</screen>
    example if you use it as the basis for your script.</para>
 
    <screen>$ dsconfig \
- set-access-control-handler-prop \
- --remove global-aci:\(targetattr!=\"userPassword\|\|authPassword\|\|changes\|\
-\|changeNumber\|\|changeType\|\|changeTime\|\|targetDN\|\|newRDN\|\
-\|newSuperior\|\|deleteOldRDN\|\|targetEntryUUID\|\|changeInitiatorsName\|\
-\|changeLogCookie\|\|includedAttributes\"\)\(version\ 3.0\;\ acl\ \"Anonymous\
-\ read\ access\"\;\ allow\ \(read,search,compare\)\
-\ userdn=\"ldap:///anyone\"\;\)\
- --hostname opendj.example.com \
- --port 4444 \
- --bindDN cn=Directory\ Manager \
- --bindPassword password \
- --trustAll \
- --no-prompt</screen>
+set-access-control-handler-prop \
+--remove=global-aci:'(targetattr!="userPassword||authPassword||changes||
+changeNumber||changeType||changeTime||targetDN||newRDN||
+newSuperior||deleteOldRDN||targetEntryUUID||changeInitiatorsName||
+changeLogCookie||includedAttributes")(version 3.0; acl "Anonymous
+ read access"; allow (read,search,compare) userdn="ldap:///anyone";)' \
+--hostname=opendj.example.com \
+--port=4444 \
+--bindDN=cn=Directory\ Manager \
+--bindPassword=password \
+--trustAll \
+--no-prompt</screen>
+
+   <note>The above command sequence utilizes single quote encapsulation
+   of the "<literal>global-aci</literal>" value. This is simply to avoid
+   the need for extensive character escapes.  If the quotes are removed,
+   the user will need to manually escape certain characters, such as pipe
+   (<literal>|</literal>) or exclamation points (<literal>!</literal>) to
+   avoid shell errors.</note>
 
    <para>If the <literal>global-aci</literal> does not match the ACI exactly
    then the command fails to remove the value. An alternative approach is to